Policy Library

Redaction policies, ready to deploy

A community-curated library of Philter and Phileas policies covering HIPAA, PCI DSS, bankruptcy court filings, AI training prep, and more. Apache 2.0. Download as-is, fork, or contribute your own.

Healthcare v1.0.0

Clinical Notes De-Identification (Date-Shifted)

De-identify clinical notes for research, ML training, or analytics — preserving temporal relationships via per-patient date shifting.

Tags: HIPAA, PHI, clinical notes, date shifting, research

Contact Center v1.0.0

Contact Center Call Recording Transcripts

Strip cardholder data and PII from contact-center call transcripts — primarily PAN, CVV, SSN, account numbers — to reduce PCI DSS scope and meet QA privacy requirements.

Tags: PCI DSS, contact center, call recording, transcripts, PCI scope reduction, QA

Education v1.0.0

FERPA Student Records Redaction

Remove personally identifiable information from student educational records per FERPA (20 USC 1232g; 34 CFR Part 99).

Tags: FERPA, education, K-12, higher-ed, student records, 20 USC 1232g

General v1.0.0

General-Purpose Starter Policy

A balanced starting policy covering common PII types — names, contact info, government IDs, payment data — with no vertical-specific tuning.

Tags: starter, general, default

Finance v1.0.0

GLBA Nonpublic Personal Information (NPPI) Redaction

Redact Nonpublic Personal Information (NPPI) from financial customer records under the Gramm-Leach-Bliley Act (15 USC 6801-6809).

Tags: GLBA, NPPI, financial privacy, Safeguards Rule, 15 USC 6801, banking

Healthcare v1.0.0

HIPAA Safe Harbor De-Identification

Remove all 18 HIPAA Safe Harbor identifiers from clinical text per 45 CFR 164.514(b)(2).

Tags: HIPAA, Safe Harbor, PHI, 45 CFR 164.514, de-identification

AI Training v1.0.0

LLM Training Data Preparation

Aggressive PII redaction for documents being fed into LLM training, fine-tuning, or RAG vector stores — preserves semantic structure with type tokens.

Tags: AI, LLM, fine-tuning, training data, RAG, ingestion

Healthcare v1.0.0

Medical Chatbot — User Input Redaction

Redact PHI from user messages to a healthcare chatbot before they reach the LLM — preserves clinical meaning while removing identifiers.

Tags: HIPAA, PHI, chatbot, LLM, conversational AI, RAG

Finance v1.0.0

PCI DSS Scope Reduction

Strip cardholder data (PAN, CVV, expiration) from logs, transcripts, and tickets to reduce PCI DSS scope per Requirement 3.4.

Tags: PCI DSS, cardholder data, PAN, scope reduction, Req 3.4

Using a policy

Every policy is a single JSON file. Download it, upload it to your Philter instance, and reference it by name from the redaction API.

# 1. Download the policy
curl -O https://raw.githubusercontent.com/philterd/pii-redaction-policies/main/policies/philterd/healthcare/hipaa-safe-harbor.json

# 2. Upload to your Philter instance
curl -X POST http://localhost:8080/api/policies \
     -H "Content-Type: application/json" \
     --data @hipaa-safe-harbor.json

# 3. Redact text using the policy
curl "http://localhost:8080/api/filter?p=hipaa-safe-harbor" \
     --data "Patient John Smith was discharged on 2025-03-14." \
     -H "Content-Type: text/plain"

Contributing

The library lives at github.com/philterd/pii-redaction-policies. PRs welcome — bring your own vertical, your own custom identifiers, your own edge cases.

Why contributing matters

The library is more useful the more eyes are on it. Every policy you contribute saves another team — in healthcare, finance, legal, government, AI training — from rebuilding the same thing privately and often incorrectly. A rising tide lifts all boats.

  • You save peers time. A FERPA policy you write for K-12 student records is the starting point another district uses next week. A call-center PCI policy you tune today is the one a peer at a different bank doesn’t have to invent from scratch.
  • You get better policies. Public PR review pulls in compliance officers, security engineers, and practitioners from outside your team. Your draft comes out tighter than anything a single team would ship alone.
  • You get credit. Your name (or your org’s) lands in the policy’s author field and shows up on the policy’s page right here on philterd.ai — durable attribution, not a buried changelog entry.
  • You compound the library. Healthcare PHI patterns inform finance NPPI work. Legal redaction patterns inform government FOIA prep. A contribution in one vertical strengthens the adjacent ones.
  • You make the whole ecosystem safer. Every team that adopts a vetted, peer-reviewed policy is one fewer team rolling their own regex and missing identifiers in production. Privacy is a collective-action problem; this is the collective action.

How review works

Every contribution gets reviewed for: schema compliance, sidecar metadata completeness, and golden-file validation against a representative input. See CONTRIBUTING.md for the file layout, metadata schema, and review process.

Need a policy that isn't here?

If you have a specific compliance framework or vertical use case in mind, the Philterd team can build a custom policy and tune it against your real data.